Cybersecurity news provided by NetworkTigers on Monday, 30 August 2021.
SAN MATEO, CA — Hackers disrupt Boston Public Library, researcher posts Windows 10 Hack, hacker returns all crypto stolen from PolyNetwork, outpatients facilities attacked as often as hospitals, 21 year old claims responsibility for T-mobile hack, Georgia healthcare provider loses PHI of almost 10,000 patients, Indianapolis hospital patient data for sale on dark web, millions of private records exposed due to misconfigured setting, California university breach leaks student vaccination exemption requests, U.S. State Department said to have been under cyberattack, unpatched Microsoft Exchange servers under attack, T-Mobile data breach affects almost 55 million customers.
Hackers disrupt Boston Public Library
The Boston Public Library experienced disrupted services and a “systemwide technical shutdown” due to a cyberattack. The library staff acted quickly as soon as unusual activity was detected, taking their systems offline and preventing access to or theft of employee or patron data. People are still able to check out books and some online services remain available as the library works to fully restore its system. Read more.
Researcher posts Windows 10 hack
A researcher that discovered and reported a simple but devastating Windows 10 hack became discouraged after not receiving a response from the company and posted instructions for how to execute the hack on Twitter. The tweet quickly went viral. The hack involves using a Razer mouse to gain admin access to any Windows 10 computer it is plugged into. After the tweet went public, the researcher was contacted by Razer who said that they were working to fix the bug and offered them a bounty. Read more.
Hacker returns all crypto stolen from PolyNetwork
The hack of cryptocurrency platform PolyNetwork made headlines as the largest crypto theft recorded with the perpetrator stealing $610 million. However, PolyNetwork embraced the hacker, referred to them as “Mr. White Hat,” and even went so far as to offer them a position at the company. According to PolyNetwork, all funds have been returned. The unusual nature of the attack and the events that followed have left many wondering if perhaps the hack was a stunt or an attempted scam by the company. Read more.
Report: outpatient facilities attacked as often as hospitals
A report from cybersecurity firm Critical Insight, outpatient facilities such as specialty clinics and family care offices were targeted by cybercriminals just as frequently as hospitals in the first half of 2021. Their data indicates that smaller healthcare centers keep the same data as larger ones and often use the same technology. However, with less money to properly protect their data, they are easier targets for criminal activity. Read more.
21 year-old claims responsibility for T-Mobile hack
John Binns, a 21 year-old living in Turkey, has claimed responsibility for the massive hack on T-Mobile that exposed the data of millions of customers. Binns cited his motivation for the hack as retaliation against the U.S. for his alleged 2019 kidnapping by the CIA and Turkish intelligence agents. Binns referred to T-Mobile’s cybersecurity as “awful” and reportedly gained access to their servers from his mother’s home in Turkey. Read more.
Georgia healthcare provider loses PHI of almost 10,000 patients
Georgia healthcare provider Atlanta Allergy & Asthma has reported that a January cyberattack resulted in the theft of the personal healthcare information of 9,800 patients. The company’s report says that it is currently not away of any misuse of the stolen data, which includes addresses, names, Social Security numbers and more. The healthcare center is urging affected people to enroll in complimentary credit monitoring services and keep a close watch on their online accounts. Read more.
Indianapolis hospital patient data for sale on dark web
Indianapolis’ Eskenazi Health suffered a ransomware attack earlier this month that resulted in patient data being posted for sale on the dark web. The hospital did not pay the ransom and is working with the FBI to investigate the matter. The hospital is urging both patients and staff to closely monitor their online accounts for any suspicious activity. The attack briefly disrupted both ambulance activity and the accessing of electronic medical files. Read more.
Millions of private records exposed due to misconfigured setting
American Airlines, New York’s Metropolitan Transportation Authority, Ford Motor Co., and many other corporations and government agencies have exposed the data of millions of people due to a misconfigured privacy setting in Microsoft’s Power Apps software. According to security researchers at UpGuard, the data, which included Social Security numbers, addresses, COVID-19 vaccination data and more, has been exposed for months. The vulnerability has reportedly been fixed. Read more.
California university breach leaks student vaccination exemption requests
California State University, Chico, has suffered a data breach which resulted in 130 students’ religious exemption requests to refuse COVID-19 vaccines being posted online. Student names and phone numbers were attached to many of the leaked requests. The school has issued a statement saying they are aware of the leak and investigating the breach. Read more.
U.S. State Department said to have been under cyberattack
The U.S. Department of Defense Cyber Command has reportedly issued a notification that the State Department was hit by a cyberattack weeks ago. The State Department is said to have not experienced any serious disruptions in its continued efforts to evacuate American allies in Afghanistan due to the attack. No official statement regarding the reported cyberattack has been made. Read more.
Unpatched Microsoft Exchange servers under attack
CISA has warned Microsoft Exchange users that unpatched versions of the product are still vulnerable and continue to come under attack. The latest threats are coming from efforts to exploit ProxyShell attack chain vulnerabilities in the software. These vulnerabilities could allow an outside individual to execute code on a machine using Microsoft Exchange. Read more.
T-Mobile data breach affects almost 55 million customers
As more information regarding the breach suffered by mobile carrier T-Mobile is reported, it is now estimated that 54.6 million individuals have had their data compromised. The company has expressed confidence in ending the attack, but admits that more people than originally thought have been affected. T-Mobile was apparently only aware of the breach after customer data had appeared for sale online. Read more.
More cybersecurity news
Read more cybersecurity news and articles brought to you by NetworkTigers.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402